Mercurial > vim
diff src/insexpand.c @ 34753:a87c4383404a v9.1.0254
patch 9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu'
Commit: https://github.com/vim/vim/commit/0a419e07a705675ac159218f42c1daa151d2ceea
Author: zeertzjq <zeertzjq@outlook.com>
Date: Tue Apr 2 19:01:14 2024 +0200
patch 9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu'
Problem: [security]: Heap buffer overflow when calling complete_add()
in the first call of 'completefunc'
Solution: Call check_cursor() after calling 'completefunc' (zeertzjq)
closes: #14391
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Tue, 02 Apr 2024 19:15:02 +0200 |
parents | 6d3a5ef458cd |
children | ffa6ed03a9f2 |
line wrap: on
line diff
--- a/src/insexpand.c +++ b/src/insexpand.c @@ -2741,6 +2741,7 @@ expand_by_function(int type, char_u *bas --textlock; curwin->w_cursor = pos; // restore the cursor position + check_cursor(); // make sure cursor position is valid, just in case validate_cursor(); if (!EQUAL_POS(curwin->w_cursor, pos)) { @@ -4606,6 +4607,7 @@ get_userdefined_compl_info(colnr_T curs_ State = save_State; curwin->w_cursor = pos; // restore the cursor position + check_cursor(); // make sure cursor position is valid, just in case validate_cursor(); if (!EQUAL_POS(curwin->w_cursor, pos)) {